Matt's Malware Enigma
- Thread starter Gnosis
- Start date
- Apr 26, 2011
- 2,779
It would be great if you can find a way to get a hold of that exact TDSS varient and infect your VM. Then try the popular software like, TDSS Killer, MBAM, HitMan Pro, GMER, ComboFix, NPE, Dr. Web, and so on. Also, utilize some good process explorers like Process Hacker 2, Autoruns and SpyDLL Remover. Try some safe mode initializations of anti-malware software that will work in the Safe Mode environment. Maybe even see if the, now unpopular, HiJack This tool can initially cripple it enough to deal with it more effectively. I am just shooting from the hip. You get my drift. I know it is a tall order, but this is fascinating stuff.:angel: Thank You MrXidus.
What would be neat is breaking the video up into an individual short segment for every anti-malware program that I spoke of; tdss vs. GMER; tdss vs. HitMan Pro; tdss vs. MBAM in safe mode; tdss vs. ComboFix in Safe Mode, etc. Something like that, while monitoring each individual performance with a good process explorer. I will also like to see if SpyDLL Remover and Process Hacker 2 can shut it down, and to see the intelligence they gather as you use MBAM and the others to attempt to destroy it.
I am really proud to be a part of our community. Over the last couple of years this group of people and our active forums, here and at rM previously, makes me feel as if we are some of the best in the world on the front lines when it comes to battling malware, esp. when it comes to assisting the many inexperienced users out there that come to us for help.
We may not create the software, but we are crafty in their applications. We are very informed.
What would be neat is breaking the video up into an individual short segment for every anti-malware program that I spoke of; tdss vs. GMER; tdss vs. HitMan Pro; tdss vs. MBAM in safe mode; tdss vs. ComboFix in Safe Mode, etc. Something like that, while monitoring each individual performance with a good process explorer. I will also like to see if SpyDLL Remover and Process Hacker 2 can shut it down, and to see the intelligence they gather as you use MBAM and the others to attempt to destroy it.
I am really proud to be a part of our community. Over the last couple of years this group of people and our active forums, here and at rM previously, makes me feel as if we are some of the best in the world on the front lines when it comes to battling malware, esp. when it comes to assisting the many inexperienced users out there that come to us for help.
We may not create the software, but we are crafty in their applications. We are very informed.
Tom172
Level 1
- Feb 11, 2011
- 1,009
Part 2 of “My Night With A New Nasty Rootkit”
http://remove-malware.com/client-notes/part-2-of-my-night-with-a-new-nasty-rootkit/
http://remove-malware.com/client-notes/part-2-of-my-night-with-a-new-nasty-rootkit/
- Apr 26, 2011
- 2,779
Your call. No pressure; would just be fun, that's all. Thanks to all involved if it pans out.
@Tomo
Thanks for the link. I almost forgot to check Matt's updated story.
ComboFix is obviously great, but it is scary that we are having to rely on one product to save us when things get really bad due to fresh malware releases.
@Tomo
Thanks for the link. I almost forgot to check Matt's updated story.
ComboFix is obviously great, but it is scary that we are having to rely on one product to save us when things get really bad due to fresh malware releases.
Similar threads
-
- Sticky
